CVE-2022-23434

CWE-94Code Injection3 documents3 sources
Severity
3.3LOW
EPSS
0.1%
top 68.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Samsung Mobile Bixby VisionSamsung Bixby
Timeline
PublishedFeb 11
Latest updateFeb 12

Description

A vulnerability using PendingIntent in Bixby Vision prior to versions 3.7.60.8 in Android S(12), 3.7.50.6 in Andorid R(11) and below allows attackers to execute privileged action by hijacking and modifying the intent.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:NExploitability: 1.8 | Impact: 2.5

Affected Packages2 packages

CVEListV5samsung_mobile/bixby_vision-3.7.60.8 in Android S(12), 3.7.50.6 in Andorid R(11) and below
NVDsamsung/bixby< 3.7.50.6+1

🔴Vulnerability Details

2
GHSA
GHSA-2gw6-v2h7-g6vm: A vulnerability using PendingIntent in Bixby Vision prior to versions 32022-02-12
CVEList
CVE-2022-23434: A vulnerability using PendingIntent in Bixby Vision prior to versions 32022-02-11
CVE-2022-23434 (LOW CVSS 3.3) | A vulnerability using PendingIntent | cvebase.io